Shellshock Bash Attack? Most Macs Are Safe

You have heard the Shellshock bash bug hype — Macs are vulnerable. That your Mac is vulnerable. Well, maybe if you are running a Mac server, but the vast majority Mac users have little if anything to worry about vis a vis Shellshock.

How’s that? All modern Macs run OS X. OS X is Unix, which includes the extremely flexible and powerful Bash functionality hackers are exploiting.

However, your Mac’s default factory setup means you probably aren’t vulnerable to the most dangerous versions of the Shellshock bash bug attacks. Those running a server or web server on a Mac have worries, but the rest of us are, on the whole, pretty safe.

But there is no need to take my word for it.

“Macs have Bash, and are just as vulnerable as anything else,” writes TidBITS Security Editor Rich Mogull. “However, the default configurations of most Macs appear to block the highest-risk methods of exploiting the bug.”

Still worried? Apple has said publicly that, “The vast majority of OS X users are not at risk to recently reported bash vulnerabilities … With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.”

Apple, Mogull and other smart people on the web suggest users turn on your Mac’s built-in Firewall.

That said, your Mac’s Firewall should always be turned — it’s just good basic Mac hygiene.

Shellshock Mac: Clean Living

If you share a printer with others or perhaps your iTunes Library, OS X will ask you want to authorize those services. If OS X asks about a service you don’t recognize or understand, look it on the internet and, if it seems janky or you don’t understand, deny permission.

Also, use a secure password. The best way to protect your Mac, data and identity is with a good password, one that isn’t a dictionary word and has at least eight characters long with a fix of letters, numbers and at least one capital letter.

Like Firewall, a good password is good basic Mac hygiene.

Lastly, Apple will issue a patch for the Shellshock bash bug vulnerability. So, keep an eye out for Software Updates from Apple and apply ASAP…